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REMARKS 

Please reconsider the application in view of the above amendments and the following 
remarks. Applicants thank the Examiner for carefully considering this application. 

Disposition of Claims 

Claims 27-47 are currently pending in this application. Claims 27, 34, and 41 are 
independent. The remaining claims depend, directly or indirectly, from claims 27, 34, and 41 , 

Claim Amendments 

Claims 1-26 have been cancelled by this reply without prejudice or disclaimer. New claims 
27-47 have been added by this reply. Support for the new claims may be found, for example, on 
pages 33-38 and Figure 5 of the Specification. No new matter is added by way of these 
amendments. 

Amendments to the Abstract 

The abstract has been amended to be consistent with the new claim 27. No new matter has 
been added by this amendment. 

Rejections under 35 U.S.C. § 102 

Claims 1-5, 7-15, 17-22, and 24-26 stand rejected under 35 U.S.C. § 102(e) as anticipated 
by U.S. Patent No. 7,010,582 Bl ("Cheng"). Claims 1-5, 7-15, 17-22, and 24-26 have been 
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cancelled by this reply. Accordingly, this rejection is moot and withdrawal of this rejection is 
respectfully requested. 

Rejections under 35 U.S.C. § 103 

Claims 6, 16, and 23 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Cheng and further in view of U.S. Patent Application Publication No. 2003/0177388 ("Botz"). 
Claims 6, 16, and 23 have been cancelled by this reply. Accordingly, this rejection is moot and 
withdrawal of this rejection is respectfully requested. 

New Claims 

Claims 27-47 have been added by this reply. Claims 27, 34, and 41 are independent. The 
remaining claims depend, directly or indirectly, from claims 27, 34, and 41 . 

Independent claim 27 is directed to a method for managing access to a plurality of 
applications using a central server. In particular, independent claim 27 requires, in part, (i) 
generating identity assertion information using a user name and user password of a user; (ii) 
generating a first artifact associated with the identity assertion information; (iii) providing the first 
artifact to an application (e.g., the second application), where the second application uses the first 
artifact to obtain the identity assertion information and grant access to the user based on the identity 
assertion information, Further, dependent claim 28 requires, in part, (i) generating a second artifact 
associated with the identity assertion information; and (ii) providing the second artifact to an 
application (e.g., the third application), where the third application uses the second artifact to obtain 
the identity assertion information and grant access to the user based on the identity assertion 
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information. Finally, claim 29 recites that the identity assertion information is stored on the central 
server. 

Turning to the cited prior art, the Applicants respectfully assert that neither Cheng nor Botz 
disclose all the limitations recited in claims 27 and 28. Specifically, Cheng and Botz fail to disclose 
at least the following limitations recited in claims 27 and 28: 

1 . Cheng and Botz fail to disclose artifacts as recited in the claims - As discussed above, 
claims 27 and 28 require, in part, that artifacts are generated and provided to applications for the 
purpose of granting a user access to the application. However, the artifacts themselves do not allow 
the user to access the application; rather, the artifacts are used by the application to obtain the 
identity assertion information, which is used to grant access to the application. In contrast, Cheng 
discloses transferring tokens among sites, where the token alone grants access. (See Cheng col. 6 
lines 59-64). Clearly, artifacts used to access identity assertion information (which is used to 
determine whether the user can access the application) is not equivalent to transferring a token that 
on its own grants access to the application. Moreover, Cheng discloses providing user access to 
multiple applications using the same token, while the claim 27 and 28 require different artifacts to 
be used by different application. 

2. Cheng fails to disclose a central server system of any kind - As discussed above, the 
artifacts are used to obtain identity assertion information from the central server (see Claim 29). 
Cheng fails to disclose a central server (or equivalent server) for at least the reasons discussed in the 
Response mailed on July 6, 2007. Moreover, the authentication mechanism in Cheng does require 
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information other than the token to grant access to the user. From this it logically follows that 
Cheng does not need a central server to manage the authentication and, as such, does not include 
one. 

With respect to Botz, Botz fails to disclose that which Cheng lacks as evidenced by the fact 
that Botz is only relied upon to disclose that the identity assertion information complies with the 
SAML standard. See Final Office Action mailed on January 9, 2008, pp. 14-15. 

In view of the above, Cheng and Botz fail to disclose all the limitations of claims 27-29. 
Accordingly, claims 27-29 are patentable over Cheng and Botz. Further, claims 34-36 and 40-41 
include similar limitations to claims 27-29 and, accordingly, are patentable over Cheng and Botz for 
at least the same reasons as claims 27-29. Finally, the remaining dependent claims are patentable 
over Cheng and Botz for at least the same reasons as independent claims 27, 34, and 41. In view of 
the above, favorable action in the form of a Notice of Allowability is respectfully requested. 
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Conclusion 

Applicants believe this reply is fully responsive to all outstanding issues and places 
this application in condition for allowance. If this belief is incorrect, or other issues arise, the 
Examiner is encouraged to contact the undersigned or his associates at the telephone number listed 
below. Please apply any charges not covered, or any credits, to Deposit Account 50-0591 
(Reference Number 03226/475001; P8956), 

Dated: February 26, 2008 Respectfully submitted, 

B y /Robert P. Lord/ 



Robert P. Lord 
Registration No.: 46,479 
OSHA • LIANG LLP 
1221 McKinney St., Suite 2800 
Houston, Texas 77010 
(713) 228-8600 Phone 
(713) 890-1714 Direct 
(713) 228-8778 (Fax) 
Attorney for Applicants 



12 



